Adeodato Simó
2005-Mar-16 23:56 UTC
[Pkg-kde-talk] kdelibs 3.3.2-4 not vulnerable to CAN-2005-0396
Hello,
I just wanted to inform the Testing Security Team that kdelibs 3.3.2-4
as uploaded to unstable on Mar 14th is not vulnerable to CAN-2005-0396,
Local DCOP denial of service vulnerability [1], despite this not being
mentioned in the changelog. A proper patch was included in the package.
[1] http://www.kde.org/info/security/advisory-20050316-1.txt
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Loan-department manager: "There isn''t any fine print. At these
interest rates, we don''t need it."
Micah Anderson
2005-Mar-18 05:12 UTC
[Pkg-kde-talk] Re: [Secure-testing-team] kdelibs 3.3.2-4 not vulnerable to CAN-2005-0396
Thanks for letting us know... It doesn''t show up in http://newraff.debian.org/~joeyh/testing-security.html because the CAN is still "reserved" because the people that have reserved it have not released it yet. However, we have noted in our files that kdelibs 3.3.2-4 contains this fix, and as long as this makes it into testing, then things should be fine. Micah On Thu, 17 Mar 2005, Adeodato Sim=F3 wrote:> Hello, >=20 > I just wanted to inform the Testing Security Team that kdelibs 3.3.2-4 > as uploaded to unstable on Mar 14th is not vulnerable to CAN-2005-0396, > Local DCOP denial of service vulnerability [1], despite this not being > mentioned in the changelog. A proper patch was included in the package. >=20 > [1] http://www.kde.org/info/security/advisory-20050316-1.txt >=20 > --=20 > Adeodato Sim=F3 > EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 > =20 > Loan-department manager: "There isn''t any fine print. At these > interest rates, we don''t need it." >=20 >=20 > _______________________________________________ > Secure-testing-team mailing list > Secure-testing-team@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team